OSS Index rate limit exceeded, disabling the analyzer

[Muskan-0618]

trafficstars

We are experiencing OSS rate limit error in some of our scans. Complete error message is:-

OSS Index rate limit exceeded, disabling the analyzer
exception: org.owasp.dependencycheck.analyzer.exception.AnalysisException: OSS Index rate limit exceeded, disabling the analyzer
org.owasp.dependencycheck.analyzer.OssIndexAnalyzer.analyzeDependency(OssIndexAnalyzer.java:151)
org.owasp.dependencycheck.analyzer.AbstractAnalyzer.analyze(AbstractAnalyzer.java:131)
org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:88)
org.owasp.dependencycheck.AnalysisTask.call(AnalysisTask.java:37)
java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
java.base/java.lang.Thread.run(Thread.java:834)

We are using the OSS Index credentials to trigger the scans but still getting this error if multiple scans(more than 4) are getting triggered at an interval of 1-2 mins.

Any form assistance would be greatly appreciated.

[aikebah]

ensure to persist and share the data folder of dependencycheck among those invocations to benefit from reusing recent (cached) responses from other scans on identical libraries

[jeremylong]

@aikebah I think we can do better on the caching for the OSS Index... but saving the data folder between scans is something far too few users do and it causes them issues.